> About Author
Hi, I'm Sharon, a product manager at Chaitin Tech. We build SafeLine, an open-source Web Application Firewall built for real-world threats. While SafeLine focuses on HTTP-layer protection, our emergency response center monitors and responds to RCE and authentication vulnerabilities across the stack to help developers stay safe.
Curl is one of the most widely used command-line tools for transferring data using various network protocols like HTTP, FTP, and SMTP. Libcurl, the library behind curl, offers a simple yet powerful API for developers to integrate network communications into their apps.
Recently, the curl team released a security patch to fix a high-risk buffer overflow vulnerability (CVE-2023-38545). Our analysis at Chaitin Security indicates that this flaw could lead to remote code execution when specific conditions are met.
Vulnerability Overview
How it works:
When curl is configured to use a SOCKS5 proxy with remote hostname resolution enabled (socks5h) and accesses a malicious URL controlled by an attacker, a buffer overflow can occur. This opens the door to potential code execution on the affected system.
Vulnerability Reproduction
Affected Versions
7.69.0 < libcurl < 8.4.0
Detection
We've developed an easy-to-use local scanning tool (CloudWalker) to help sysadmins and developers check if their systems are exposed:
Command to run:
./curl_socks5_cve_2023_38545_scanner_linux_amd64
Download here: Chaitin Stack Tool
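As an added example (not Chaitin's scanner and not code from the curl project), the two conditions described above, an affected libcurl version and a proxy configured with the socks5h scheme, can be checked with a short shell script. The function names are hypothetical, and the lower bound is treated inclusively (7.69.0 counts as affected), as in the curl project's own advisory.

```shell
#!/bin/sh
# Added example: local exposure check for CVE-2023-38545 (hypothetical function names).

# "MAJOR.MINOR.PATCH[-suffix]" -> comparable integer, e.g. 8.3.0 -> 80300.
ver_to_int() {
    v=${1%%[!0-9.]*}            # drop suffixes such as "-DEV"
    old_ifs=$IFS; IFS=.
    set -- $v                   # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# Affected range: 7.69.0 up to, but not including, 8.4.0.
curl_version_status() {
    [ -n "$1" ] || { echo unknown; return 0; }
    n=$(ver_to_int "$1")
    if [ "$n" -ge 76900 ] && [ "$n" -lt 80400 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Pull the libcurl version out of the first line of `curl --version`.
libcurl_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*libcurl\/\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# The overflow path requires remote hostname resolution, i.e. the socks5h scheme.
uses_socks5h() {
    case "$1" in
        socks5h://*|SOCKS5H://*) echo yes ;;
        *) echo no ;;
    esac
}

# Report on the local curl binary and the proxy environment variables curl reads.
report_local() {
    if command -v curl >/dev/null 2>&1; then
        lv=$(libcurl_version_from_banner "$(curl --version 2>/dev/null | head -n 1)")
        echo "libcurl ${lv:-unknown}: $(curl_version_status "$lv")"
    else
        echo "curl not found on PATH"
    fi
    for p in "${ALL_PROXY:-}" "${all_proxy:-}" "${HTTPS_PROXY:-}" "${https_proxy:-}" "${http_proxy:-}"; do
        [ "$(uses_socks5h "$p")" = yes ] && echo "a proxy environment variable uses socks5h"
    done
    return 0
}
report_local
```

A version match alone is not conclusive on distributions that backport fixes without changing the version string, so confirm against the vendor's package changelog. Applications that link libcurl and set the proxy in code are not covered by the environment-variable check.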
Mitigation and Fixes
- Upgrade to curl/libcurl 8.4.0 or later.
- Download the patched version here: Official Curl Advisory
Product Support
- CloudWalker platform now supports full detection and remediation guidance for this vulnerability. Contact the technical team for details.
Timeline
- Oct 4, 2023: Vulnerability publicly disclosed
- Oct 11, 2023: Chaitin Security reproduced and analyzed the issue
- Oct 11, 2023: Official advisory published
Join the SafeLine Community
If you continue to experience issues, feel free to contact SafeLine support for further assistance.